Forum Discussion

shopkeeper56_23's avatar
shopkeeper56_23
Icon for Cirrostratus rankCirrostratus
Jul 19, 2016

Landing URI iRule HTTP redirection

Hi all,

I'm working on a small iRule be executed if a user has tried to hit the root uri for a remote access site I am setting up (eg. http://host.co.uk/). The expected behaviour is, if someone hits the root I have a logon page set up with radio buttons to select different domains which have different Landing URI's. The user will select the radio button and a session variable is generate (session.last.logon.domain) which contains the landing URI for that domain. After this the iRule is triggered and they are redirected to the correct uri (eg. https://host.co.uk/blah).

This question has a very similar scenario to myself, but mine is a lot simpler I think since I am only concerned with the redirection and the Landing URI VPE object which is before this performs the required logic to filter out the legitimate requests, meaning the iRule has no need to analyze the URI, since the iRule trigger will be the 'fallback' of the Landing URI object.

Here is my current iRule...

when ACCESS_POLICY_AGENT_EVENT {
    set path [ACCESS::session data get session.logon.last.domain]
    ACCESS::session remove
    HTTP::redirect "https://host.co.uk/$path/"
}

The current behaviour when I go down the path to trigger this iRule is that it seems to go back to the landing page "/my.logon" with a dead screen. Pretty much what you'd expect when "ACCESS::session remove" is triggered, but the redirection is not occurring.

Any ideas?

  • Managed to solve the issue without the iRule or Variable assignment to session.server.landinguri.

     

    All I needed to do was created a Redirect ending and it performs the redirect to the beginning of the policy with the desired uri appended to the end and closes the existing session.

     

    Perfect!

     

     

  • Why are you doing a redirect in that event as opposed to HTTP_REQUEST?

     

  • Lucas_Thompson_'s avatar
    Lucas_Thompson_
    Historic F5 Account

    You don't need any irules to do this.

     

    APM sets a variable called "session.server.landinguri" that contains the URI that the client requested at the very start of the session. At the end of the session (in LTM+APM mode), it will redirect to that URI. And you can override this session variable by just setting it to whatever you want.

     

    The irule you've got isn't really the best way to do it. You don't need to remove the session and redirect the user, instead just set session.server.landinguri and the user will be automatically redirected once the policy is complete.

     

    • shopkeeper56_23's avatar
      shopkeeper56_23
      Icon for Cirrostratus rankCirrostratus

      I see what your saying. Sounds a lot simpler. I will test this when I'm back at my desk and report back.

       

    • shopkeeper56_23's avatar
      shopkeeper56_23
      Icon for Cirrostratus rankCirrostratus

      Lucas - So I tried your method. I have a logon page with radio buttons to determine the uri to redirect to. The after this step I perform a variable assign to session.server.landinguri which then leads to the end of the policy with an allow. I can see the uri is being applied but the page fails to load. Do I need to configure some kind of apm session restart as part of this process?

       

  • Managed to solve the issue without the iRule or Variable assignment to session.server.landinguri.

     

    All I needed to do was created a Redirect ending and it performs the redirect to the beginning of the policy with the desired uri appended to the end and closes the existing session.

     

    Perfect!